
Transcript
Page 1: Nge navy tech day

Next-Generation Encryption (NGE) and the Commercial Solutions for Classified (CSfC) Program

Neil Lovering, CCIE #1772, Consulting Systems Engineer – Security

[email protected]

March 3, 2016

Navy Tech Day – San Diego


© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public

Agenda

• Next-Generation Encryption Overview

• NGE and the Commercial Solution for Classified Program

• CSfC Use-Case

• Cisco NGE Innovation Focus Areas

• Summary


Next-Generation Encryption Overview


Cryptography

• Cryptography is embedded in all Cisco products

• Cryptography is critical to every solution and market

• Cryptography is vital to Cybersecurity efforts across all markets

• On the flip side … Cryptography makes network traffic invisible

The Universal Security Feature


Cryptographic Mechanisms

Encryption

Data Authentication

Key Establishment

Signatures

Hashing


Security at Different Layers

802.11 WPA2 Wireless Security

[Figure: OSI layer stack (Application, Presentation, Session, Transport, Network, Link, Physical) with 802.11i marked at the Link layer]

Ethernet MACSec

[Figure: the same OSI layer stack with MACSec (IEEE 802.1AE) marked at the Link layer]

IPSec

[Figure: the same OSI layer stack with IPSec marked at the Network layer]

Transport Layer Security (TLS)

[Figure: the same OSI layer stack with TLS marked at its layer above the network]

Secure Shell (SSH)

[Figure: the same OSI layer stack with SSH marked at its layer above the network]

Secure RTP

[Figure: the same OSI layer stack with SRTP marked at its layer above the network]

Defense in Depth

[Figure: the same OSI layer stack with all six marked together: 802.11i, MACSec, IPSec, TLS, SSH and SRTP, each at its own layer]


What is Next-Generation Encryption (NGE)?

Cryptographic Technologies

• New/upgraded algorithms, key sizes, protocols and entropy

• Compatible with existing security architectures

Secure and Efficient

• Algorithm efficiency enabling increased security

• Scales well to high throughput

Compatible with Government Standards

• Suite B (US)

• FIPS-140 (US/Canada)

• NATO


Next-Generation Encryption: Why is it Important?

• Crypto moves in ten-year investment waves/cycles
– Starting with Governments, Financials, etc.

• The explosion of mobile devices (BYOD)

• Low-power endpoint evolution driving need for more efficient, stronger crypto

• Higher data throughputs driving scalability needs

• Current cryptographic implementations *will not* scale to 10G, 40G and 100G

• Vulnerabilities and threats continue to change, and hackers are becoming more skilled and funded


Next-Generation Encryption: Why is it Needed?

• Cryptography is a fundamental underpinning of nearly all security products, solutions, and architectures

• Cisco has increased the R&D and innovation focus on its Security portfolio

• NGE is the strongest and most efficient commercial cryptography
– Leverages standards-based solutions
– Elliptic Curve, AES-GCM (Galois Counter Mode), etc…

• Networking technologies continue to evolve:
– Ethernet (10/100Mb, 1Gb, 10Gb, 40Gb, 100Gb, …)
– Wi-Fi (11, 54, 150, 300, 450, etc… )
– Cryptography (3DES, AES-CBC, AES-GCM)


Next-Generation Encryption Protocol Suite

Key Establishment: ECDH-P256/384/521

Digital Signatures: ECDSA-P256/384/521

Hashing: SHA-256/384/512

Authenticated Encryption: AES-128/256-GCM

Authentication: HMAC-SHA-256/384/512

Entropy: SP800-90


What is Suite B?

• NSA encryption guidance titled “Suite B”
– http://www.nsa.gov/ia/_files/SuiteB_Implementer_G-113808.pdf

• “Suite B” is not a protocol
– It is a profile for consistent security when using multiple cryptographically strong protocols
– It enables government customers to conform to Suite B requirements
– Suite B offers the best technologies for future-proof cryptography, setting the trend for the industry

• CNSSP-15 Policy Compliant (Committee on National Security Systems Policy)
– (6) The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level
– TOP SECRET information will require use of either the 192 or 256 key lengths. The implementation of AES in products intended to protect national security systems and/or information must be reviewed and certified by NSA prior to their acquisition and use.


Standards and Protocols

• The following documents provide guidance for using Suite B cryptography with Internet protocols:
– RFC 6239: "Suite B Cryptographic Suites for Secure Shell (SSH)"
– RFC 6318: "Suite B in Secure/Multipurpose Internet Mail Extensions (S/MIME)"
– RFC 6380: "Suite B Profile for Internet Protocol Security (IPSec)"
– RFC 6460: "Suite B Profile for Transport Layer Security (TLS)"
– RFC 7030: "Enrollment over Secure Transport"

Source: http://www.nsa.gov/ia/programs/suiteb_cryptography/


Cisco NGE and Suite B

• NGE is a super set of “Suite B” – Cisco has additional Cipher Suites

• Upgrades all crypto mechanisms – New/Upgraded algorithms, key sizes, protocols and entropy

• Compatible with existing security architectures, e.g., DMVPN, GETVPN, P2P SAs

• Standards-based components, available today in next-generation solutions

• Targets Suite B (US), FIPS-140 (US/Canada), NATO

[Figure: NGE (Cisco) drawn as a superset containing Suite B (NSA)]

Next-Generation Encryption vs. Suite B

Mechanism                         Suite B mLoS 128   Suite B mLoS 192   NGE only (beyond Suite B)
Encryption / Data Authentication  AES-128-GCM        AES-256-GCM        AES-192-GCM
Key Establishment                 ECDH-P256          ECDH-P384          ECDH-P521
Digital Signatures                ECDSA-P256         ECDSA-P384         ECDSA-P521
Hashing                           SHA-256            SHA-384            SHA-512

mLoS = Minimum Level of Security


NGE, Suite B and the Commercial Solution for Classified Program


CNSSP-15

• CNSSP-15 (Committee on National Security Systems Policy 15), National Information Assurance Policy (NIAP) on the Use of Public Standards for Secure Sharing of Information Among National Security Systems

• CNSSP-15 states:
– IA and IA-enabled IT products with integrated cryptography acquired to protect NSS and information therein shall adhere to the following:
• After 1 October 2015, the appropriate Suite B cryptographic algorithms or a commensurate suite of NSA-approved cryptographic algorithms shall be included;
• Prior to 1 October 2015, the appropriate Suite B cryptographic algorithms and/or the appropriate legacy cryptographic algorithms, or a commensurate suite of NSA-approved cryptographic algorithms shall be included;
• Be compliant with NSA-approved public key and key management infrastructures as appropriate; and
• Successfully complete security protocol interoperability testing by an NSA-approved security protocol interoperability testing service.


NGE Target Use-Cases

NGE for Unclassified

Use: For protection of unclassified data

• Strengthens existing data protection needs

• Opportunity to leverage NGE for advanced protection

• Traditional deployment models

• Upgrade cipher suites for added security

• CNSSP-15 compliance

Why not? Because “they” said so

NGE for Classified

Use: For protection of classified data

• NSA-led CSfC program

• Well-defined Deployment Architectures

• More stringent deployment policies than Civilian/non-DoD customers

• Leverages a Layered Architectural Approach


NGE Enabled Encryption Architectures: Available Today

[Figure: four deployment diagrams. Remote Access VPNs (ASA Firewall managed via CSM / ASDM); GETVPN* (a Key Server KS with group members GM1 through GM9); MACSec (an 802.1X supplicant with MACSec and an authenticated user on an encrypted MACSec link among MACSec capable devices, beside a guest user whose data is sent in the clear); Site-to-Site, DMVPN and FlexVPN (hub and spokes, e.g. Spoke-3)]


Commercial Solutions for Classified Program

• NSA/CSS's Commercial Solutions for Classified (CSfC) Program has been established to enable commercial products to be used in layered solutions protecting classified NSS data

• This will provide the ability to securely communicate based on commercial standards in a solution that can be fielded in months, not years

• CSfC program requirements are customer-driven – CSfC vendors do not request features or drive requirements

– http://www.nsa.gov/ia/programs/csfc_program/index.shtml


Why is CSfC Interesting to Customers?

• Leverages well-known COTS encryption solutions and operation models

• Operational Simplicity
– Operational expense – complexity of COTS is not new and risk has diminished
– Well understood capabilities, troubleshooting, etc.

• Quicker time-to-market of innovation
– Can leverage COTS technology, speeds/feeds, innovation and scale testing by vendors
– Will not lag – “industry best practices” and SW feature innovations

• Reduced Cost
– COTS TCO will be lower given open market chip sets, silicon and vendor familiarity

• Availability
– EAR export restrictions mean fewer availability, handling issues
– Rapid Deployment: Allows field to deploy solutions more rapidly


CSfC “Layered” Architectures for Classified

• Architectural, defense-in-depth (e.g. “layers”) approach to security
– SECRET requires 2 layers of ‘countable’ crypto at mLoS 128
– TOP SECRET requires 2 layers of ‘countable’ crypto at mLoS 192
– Example: 1+1 = 2 ‘countable’ layers sufficient for protecting SECRET information

[Figure: two nested tunnels, an Outer Tunnel and an Inner Tunnel, labelled Suite B VPN / Countable Layer #1 and Suite B Application Layer Security / Countable Layer #2; Approved Encryption Technologies can vary at each Layer]


CSfC Components

Capability Packages
• VPN
• Mobility
• Campus WLAN

NIAP Evaluations
• Must be validated against an approved PP
• NDPP v1.1 minimum
• VPNGW EP
• SIP Server
• Application (VPN, VoIP, etc.)
• WLAN

FIPS
• FIPS 140-2

Memorandum of Agreement (MoA) is entered between the CSfC Program office and the Vendor

• The MoA states that the vendor’s product must be NIAP certified, FIPS certified, and that the vendor agrees to fix vulnerabilities in a timely fashion

• The MoA may also reference technology-specific selections for NIAP testing


What is a Capabilities Package (CP)?

• Contain product-neutral information that will allow customers/integrators to successfully implement their own solutions

• Customers/integrators make product selections while following the guidelines/restrictions to create an architecture with specific commercial products configured in a particular manner

• Provide sufficient guidance for accreditors to make informed decisions on whether solutions meet their mission and security requirements

Source: CSfC Website (http://www.nsa.gov/ia/programs/csfc_program/)


NGE vs Suite B vs CSfC (1)

• NGE is a super-set of Suite B– Includes older, transitional ciphers as well as Suite B compliant and stronger ciphers

• Suite B is a consistent and specific implementation of cryptographic ciphers

• CSfC is a layered architecture of Suite B compliant COTS equipment

[Figure: concentric diagram relating NGE (Cisco), Suite B (NSA) and CSfC (NSA)]

NGE vs Suite B vs CSfC (2)

• Therefore …
– Suite B = NGE but NGE > Suite B
– CSfC = two compliant layers of Suite B

• Customers can deploy Suite B and be compliant with CNSSP-15 and not require a CSfC Architecture

• Customers that are tasked with protecting CLASSIFIED material must adhere to the CSfC requirements
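As an added example (not from the slides or from Cisco), the mLoS table and the two-layer CSfC rule above expressed as a configuration checker: a layer counts only if every algorithm it uses is in Suite B, its mLoS is taken as that of its weakest component (a modelling assumption here), and a single-manufacturer solution is accepted only when layer independence is documented. Vendor and layer names are made up.

```python
"""Compliance check for a CSfC-style two-layer solution (added example).

Modelling assumptions: a layer's mLoS is the weakest of its components;
only Suite B algorithms count towards a 'countable' layer."""
from dataclasses import dataclass

# Suite B algorithm -> mLoS it provides (from the NGE vs. Suite B table).
SUITE_B_MLOS = {
    "AES-128-GCM": 128, "ECDH-P256": 128, "ECDSA-P256": 128, "SHA-256": 128,
    "AES-256-GCM": 192, "ECDH-P384": 192, "ECDSA-P384": 192, "SHA-384": 192,
}
# In NGE but not in Suite B: transitional ciphers and the stronger NGE additions.
# A layer using any of them is not a Suite B compliant 'countable' layer.
NGE_ONLY = {"AES-192-GCM", "ECDH-P521", "ECDSA-P521", "SHA-512", "3DES", "AES-CBC"}

REQUIRED_MLOS = {"SECRET": 128, "TOP SECRET": 192}   # from the CSfC slides
REQUIRED_LAYERS = 2                                   # two countable layers


@dataclass
class CryptoLayer:
    name: str              # e.g. "Outer IPSec tunnel"
    vendor: str            # manufacturer of the device providing this layer
    algorithms: list       # encryption, key establishment, signature, hash


def layer_mlos(layer):
    """mLoS delivered by one layer, or None if it is not Suite B compliant."""
    levels = []
    for alg in layer.algorithms:
        if alg not in SUITE_B_MLOS:          # NGE-only or unknown algorithm
            return None
        levels.append(SUITE_B_MLOS[alg])
    return min(levels) if levels else None   # weakest component wins


def check_solution(classification, layers, independence_documented=False):
    """Return (ok, findings) for a layered solution protecting `classification`."""
    if classification not in REQUIRED_MLOS:
        raise ValueError(f"unknown classification: {classification}")
    required = REQUIRED_MLOS[classification]
    findings, countable = [], 0
    for layer in layers:
        mlos = layer_mlos(layer)
        if mlos is None:
            kind = "NGE-only" if set(layer.algorithms) & NGE_ONLY else "unrecognised"
            findings.append(f"{layer.name}: uses {kind} algorithms, not Suite B, so not countable")
        elif mlos < required:
            findings.append(f"{layer.name}: mLoS {mlos} below {required} for {classification}")
        else:
            countable += 1
    if countable < REQUIRED_LAYERS:
        findings.append(f"{countable} countable layer(s), {REQUIRED_LAYERS} required")
    # Manufacturer diversity: one vendor for both layers is permitted only
    # when the independence of the two layers is documented and reviewed.
    if len(layers) >= REQUIRED_LAYERS and len({l.vendor for l in layers}) == 1 \
            and not independence_documented:
        findings.append("single manufacturer for all layers without documented independence")
    return not findings, findings


if __name__ == "__main__":
    outer = CryptoLayer("Outer IPSec tunnel", "vendor-A",
                        ["AES-256-GCM", "ECDH-P384", "ECDSA-P384", "SHA-384"])
    inner = CryptoLayer("Inner IPSec tunnel", "vendor-B",
                        ["AES-256-GCM", "ECDH-P256", "ECDSA-P256", "SHA-256"])
    for level in ("SECRET", "TOP SECRET"):
        print(level, check_solution(level, [outer, inner]))
```

Note how the inner layer mixes AES-256-GCM with P-256 and SHA-256: it still passes for SECRET, but its weakest component pulls it down to mLoS 128, so it is not countable for TOP SECRET.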


Manufacturer Diversity Requirement

• CSfC layered solutions with a single vendor are now permitted under certain conditions

• The manufacturer must document the similarities and differences between the two products, including: cryptographic HW components, SW code base (i.e. operating system), software cryptographic libraries, and development teams

• NSA will review the information of solutions and determine if they meet the requirements for independent layers

• Cisco’s variation of OSs across certain platforms is targeting this “single-vendor” solution that is compliant with the CSfC guidelines

“The manufacturer diversity requirement for CSfC layered solutions has been modified to permit, subject to certain conditions, single-manufacturer implementations of both layers.”


Cisco as the Single Vendor Multi-Platform for CSfC

• Allows Cisco ASA to be used as an Inner or Outer VPN Gateway when paired with an approved IOS/IOS-XE VPN router


CSfC Use-Cases


Some Quick Terminology

• CSfC – Commercial Solutions for Classified – an NSA-sponsored program

• Red Network
– Red Data consists of unencrypted classified data including Voice and Video

• Gray Network
– Gray Data consists of classified data (including Voice/Video) that has been encrypted once (TLS/SRTP/IPSec)

• Black Network
– Black Data consists of classified data (including Voice/Video) that has been encrypted twice (typically but not limited to IPSec)


CSfC VPN Compatibility Package


CSfC Site-to-Site VPN

[Figure: site-to-site VPN diagram. Legend: Solution Boundary; Outer IPSec Tunnel – 2nd encryption; Inner IPSec Tunnel – 1st encryption; Customer Traffic – unencrypted]

Source: CSfC Website (http://www.nsa.gov/ia/programs/csfc_program/)

* SECRET requires mLoS 128
** TOP SECRET requires mLoS 192


CSfC Multiple Security Levels

[Figure: multiple security levels diagram. Legend: Solution Boundary; Outer IPSec Tunnel – 2nd encryption; Inner IPSec Tunnel – 1st encryption; Customer Traffic – unencrypted]

Source: CSfC Website (http://www.nsa.gov/ia/programs/csfc_program/)

* SECRET requires mLoS 128
** TOP SECRET requires mLoS 192


CSfC Client-to-Site (Remote Access)

[Figure: client-to-site (remote access) diagram. Legend: Solution Boundary; Outer IPSec Tunnel – 2nd encryption; Inner IPSec Tunnel – 1st encryption; Customer Traffic – unencrypted]

Source: CSfC Website (http://www.nsa.gov/ia/programs/csfc_program/)

* SECRET requires mLoS 128
** TOP SECRET requires mLoS 192


Cisco NGE Innovation Focus Areas

Optical Encryption

MACSec

Foundations of High Speed Crypto

OSI Layers:

Layer 3 – IPSec Encryption – Cisco Product Lines: ISRs, ASR1K, ASR9K

Layer 2 – 802.1AE (aka MACSec) Ethernet Encryption – Cisco Product Lines: Cat 2K, 3K, 4K, 6K; Nexus 7K; ISRNG, ASR1K, ASR9K

Layer 1 – OTN Encryption – Cisco Product Lines: ONS 15454


DWDM Encryption Architecture

[Figure: DWDM encryption architecture. Client signals (Ethernet, Fibre Channel, OTN) on each side are carried over DWDM wavelength(s); the OTU2 payload is encrypted with 256-bit AES and the key exchange runs over the OTU2 GCC]


Why MACSec in the WAN?

• Ethernet services have moved beyond the campus

• Ethernet is growing rapidly as a WAN/Metro wire-line “transport” service
– WAN/Metro SP offerings are replacing existing T1, ATM/FR, and SONET OC-x with Ethernet
– Ethernet services apply to:
• WAN links for core, edge, remote branch back-haul
• PE-CE backhaul
• Metro-E service hand-offs (E-LINE, E-LAN, E-TREE)

• Current IPSec encryption rates cannot run at line rate for all packet sizes beyond 40Gbps

• Cisco’s goal is to integrate MACsec as part of new Ethernet interface/LC development moving forward


Confidentiality and Integrity: 802.1AE based Encryption

• MACSec provides Layer-2 hop-by-hop encryption and integrity, based on IEEE 802.1AE standard

• 128bit AES-GCM (Galois/Counter Mode) – NIST Approved

• Line-rate Encryption/Decryption for 1/10/40/100GbE interfaces

• Replay protection of each and every frame

• 802.1AE encryption to protect CMD field (SGT value)

Customer Benefits
• Protects against man-in-the-middle attacks (snooping, tampering, replay)
• Standards-based frame format and algorithm (AES-GCM)
• 802.1X-2010/MKA addition supports per-device security associations in shared media environments (e.g. PC vs. IP Phone) to provide secured communication
• Network service amenable hop-by-hop approach compared to end-to-end approach (e.g. Microsoft Domain Isolation/virtualization)


802.1AE (MACSec) Tagging

• Frames are encrypted and protected with an integrity check value (ICV)

• MACSec Ethertype is 0x88e5

• No impact to IP MTU/Fragmentation

• L2 Frame MTU Impact*: ~ 40 bytes = less than baby giant frame (~1600 bytes with 1552 bytes MTU)

TrustSec Frame Format

D-MAC | S-MAC | 802.1AE Header | 802.1Q | CMD | E-Type | Payload | ICV | CRC

802.1AE Header: MACSec EtherType (0x88e5) | TCI/AN | SL | Packet Number | SCI (optional)

Encrypted: 802.1Q, CMD, E-Type and Payload
Authenticated: D-MAC through Payload (covered by the ICV)
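As an added example (not from the slides), a parser for the 802.1AE header laid out above, together with a packet-number replay check of the kind the "replay protection of each and every frame" bullet refers to. The frame it decodes is constructed inline; the ICV is a dummy value (no AES-GCM verification is performed) and the replay check uses a simple window rather than the standard's full receive bitmap.

```python
"""Parser for the IEEE 802.1AE (MACsec) security tag plus a packet-number
replay check. Added example; frames are constructed, not captured."""
import struct

MACSEC_ETHERTYPE = 0x88E5    # EtherType of the 802.1AE header (SecTAG)
ICV_LEN = 16                 # AES-GCM integrity check value trailing the frame
# Bit masks within the TCI/AN byte: version, end station, SCI present,
# single copy broadcast, encrypted, changed text, association number.
TCI_V, TCI_ES, TCI_SC, TCI_SCB, TCI_E, TCI_C, AN_MASK = 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x03


def build_macsec_frame(dst, src, an, pn, secure_data, icv, sci=None, encrypted=True):
    """Assemble D-MAC | S-MAC | SecTAG | secure data | ICV (constructed sample)."""
    tci_an = (TCI_SC if sci else 0) | (TCI_E | TCI_C if encrypted else 0) | (an & AN_MASK)
    sl = len(secure_data) if len(secure_data) < 48 else 0    # short length field
    sectag = struct.pack("!HBBI", MACSEC_ETHERTYPE, tci_an, sl, pn) + (sci or b"")
    return dst + src + sectag + secure_data + icv


def parse_sectag(frame):
    """Decode the SecTAG; raise ValueError for anything that is not a sane MACsec frame."""
    if len(frame) < 12 + 8 + ICV_LEN:
        raise ValueError("frame too short for a MACsec frame")
    if struct.unpack_from("!H", frame, 12)[0] != MACSEC_ETHERTYPE:
        raise ValueError("EtherType is not 0x88e5")
    tci_an, sl, pn = struct.unpack_from("!BBI", frame, 14)
    if tci_an & TCI_V:
        raise ValueError("unsupported SecTAG version")
    offset, sci = 20, None
    if tci_an & TCI_SC:                       # explicit 8-byte SCI follows the PN
        if len(frame) < 12 + 16 + ICV_LEN:
            raise ValueError("frame too short for SCI")
        sci, offset = frame[20:28], 28
    secure_data = frame[offset:len(frame) - ICV_LEN]
    if sl and len(secure_data) != sl:
        raise ValueError("short length does not match secure data length")
    return {
        "an": tci_an & AN_MASK,
        "encrypted": bool(tci_an & TCI_E),     # E=0 means integrity-only
        "changed_text": bool(tci_an & TCI_C),
        "packet_number": pn,
        "sci": sci.hex() if sci else None,
        "secure_data": secure_data,
        "icv": frame[-ICV_LEN:],
        "overhead_bytes": (offset - 12) + ICV_LEN,   # SecTAG + ICV added to the L2 frame
    }


def accept_packet_number(pn, highest_seen, replay_window=0):
    """Replay protection: accept a PN only if it is newer than the highest PN
    already accepted, less an optional tolerance window (0 = strict)."""
    return pn > highest_seen - replay_window
```

With an explicit SCI the tag plus ICV add 32 bytes to the frame and 24 bytes without it, which is where the slide's "~40 bytes" L2 MTU impact comes from once the 802.1Q and CMD fields inside the encrypted region are counted as well.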


NGE and Cisco VPNs


VPN Review

• The players in large, multi-site VPN deployments:
– Site-to-site (S2)
– Dynamic Multipoint VPN (DMVPN)
– Group Encrypted Transport VPN (GETVPN)
– FlexVPN


IKEv2 Benefits

• Uses less bandwidth than IKEv1

• Supports EAP authentication (not standard in IKEv1)

• Supports Mobile IKE (MOBIKE)– Changing IP addresses

• Built-in NAT traversal

• Can detect whether a tunnel is still alive

• Anti-DOS


VPN Technology Comparison (DMVPN, GETVPN, FlexVPN)

Supported by all three: Dynamically addressed spoke; Dynamic Routing; Dynamic Spoke to Spoke tunnel; IPv6; IP Multicast; QoS; VRF

Supported by two of the three: IKEv2; Public Transport; NAT

Supported by one of the three: 3rd Party Compatibility; AAA attributes support

Supported by none: Non-IP


Wrap-Up


NGE and CSfC Summary

• Cisco has many products that can satisfy all current CSfC CPs

• NGE/Suite B impacts all Federal customers (CNSSP-15)

• Cisco is actively engaging with the Program office to add more products

• CSfC requirements are Customer led, not Vendor led

• Customers should contact [email protected] for specific Mission requirements that fall outside the Capability Packages


Neil Lovering, CCIE #1772

[email protected]
